I consider your "stealth rule" somewhat limiting. The first rule sends a
response to anyone trying to initiate a connection with "Here I am, I'm
here, and I'm not letting you through!". The firewall should be as
transparent as possible.
Not good. Change that rule to drop.

Your second rule is denying anything out of the firewall. Why not let the
cleanup rule handle that?

I would also recommend you specify internal hosts and networks, and not
just identify everyone as "ANY".

I would recommend you visit Lance Spitzner's site on rule building.

http://www.enteract.com/~lspitz/pubs.html

Thomas Poole

-----Original Message-----
From: C.M. Wong [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 10:15 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Fw rule Q.



Hi all,

My first two rules are the default:

source   dest        traffic          action
any      fw          any              deny
fw       any         any              deny

I have a scenario whereby I need to connect from the fw to one of my
internal servers. Hence I place the rule right on top of the default 2 rules
like so:

fw       <some_ip>   <specific port>  accept  # rule 1
any      fw          any              deny    # rule 2
fw       any         any              deny    # rule 3

For some reason when I do a telnet <some_ip> <specific_port>, I get no
response. Checking the logs, rule 3 is blocking the traffic. But if I remove
rule 3, everything works and guess what, rule 0 is allowing the traffic
through and not rule 1. Huh? I know rule 0 is some of the fw-1 properties
settings, but I have removed the dangerous ones (like icmp, dns etc.) on day
one. Can any of you guys shed some light here on why this is occurring?

For the record, fw-1 41 sp2 is being run. TIA.

Rgrds,
Wong.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
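As an added illustration (not code from either message), a first-match rule base evaluator in Python that models two points raised in this thread: an implied rule from the properties in the "First" position is consulted before explicit rule 1 and is logged as rule 0, and a stealth rule set to reject answers the initiator while drop stays silent. The enabled implied rule, the object names "srv", "ws1", "ext" and the service "tcp-9000" are assumptions standing in for the placeholders in the original post; the model does not explain why rule 3 fired in Wong's case.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    num: int     # 0 = implied rule from the properties, as FW-1 logs it
    src: str     # object name, a group name, or "any"
    dst: str
    svc: str     # service name or "any"
    action: str  # "accept", "drop" or "reject"

def matches(field, value, groups):
    """A rule field matches a packet value literally, via "any", or via a group."""
    return field == "any" or field == value or value in groups.get(field, ())

def evaluate(rules, src, dst, svc, groups=None):
    """First match wins; returns (rule number, action). No match: implicit drop."""
    groups = groups or {}
    for r in rules:
        pairs = ((r.src, src), (r.dst, dst), (r.svc, svc))
        if all(matches(f, v, groups) for f, v in pairs):
            return r.num, r.action
    return None, "drop"

def initiator_sees(action):
    """What the connecting host observes: reject answers, drop stays silent."""
    return {"accept": "connected", "reject": "refused", "drop": "timeout"}[action]

# Assumption for illustration: one implied rule left enabled in the "First"
# position that accepts packets originating from the gateway. It is logged as
# rule 0 and is consulted before any explicit rule.
IMPLIED_FIRST = [Rule(0, "fw", "any", "any", "accept")]

# Wong's rule base ("deny" read as reject, which is what the reply objects to);
# "srv" and "tcp-9000" are placeholders for <some_ip> and <specific port>.
WONG = IMPLIED_FIRST + [
    Rule(1, "fw", "srv", "tcp-9000", "accept"),
    Rule(2, "any", "fw", "any", "reject"),
    Rule(3, "fw", "any", "any", "reject"),
]

# Tightened per the reply: stealth rule drops, no fw->any deny, named internal
# objects instead of "any", and a final cleanup rule that drops everything else.
GROUPS = {"internal": {"srv", "ws1"}}
TIGHT = [
    Rule(1, "fw", "srv", "tcp-9000", "accept"),
    Rule(2, "any", "fw", "any", "drop"),
    Rule(3, "internal", "any", "any", "accept"),
    Rule(4, "any", "any", "any", "drop"),
]
```

With the implied rule present, `evaluate(WONG, "fw", "srv", "tcp-9000")` reports rule 0, which is the log entry Wong describes; remove it and the same lookup reports rule 1.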
